From 44107dfe8c22ab1052d90abf94766ad92f2faa40 Mon Sep 17 00:00:00 2001
From: HitLuca
Date: Sun, 21 Aug 2022 14:01:54 +0200
Subject: [PATCH] =?UTF-8?q?=F0=9F=8F=97=EF=B8=8F=20=20forced=20traefik=20t?= =?UTF-8?q?o=20only=20allow=20tls1.2+=20requests?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 roles/traefik/tasks/main.yml | 11 +++++++++--
 roles/traefik/templates/dynamic_config.toml | 7 +++++++
 roles/traefik/templates/traefik.toml | 2 ++
 3 files changed, 18 insertions(+), 2 deletions(-)
 create mode 100644 roles/traefik/templates/dynamic_config.toml

diff --git a/roles/traefik/tasks/main.yml b/roles/traefik/tasks/main.yml
index 451112e4b7..22341f435b 100644
--- a/roles/traefik/tasks/main.yml
+++ b/roles/traefik/tasks/main.yml
@@ -7,12 +7,18 @@
 - "{{ traefik_data_directory }}"
 - "{{ traefik_data_directory }}/letsencrypt"
 
-- name: Template Traefik config.toml
+- name: Template Traefik traefik.toml
 template:
 src: traefik.toml
 dest: "{{ traefik_data_directory }}/traefik.toml"
 register: template_config
 
+- name: Template Traefik dynamic_config.toml
+ template:
+ src: dynamic_config.toml
+ dest: "{{ traefik_data_directory }}/dynamic_config.toml"
+ register: template_dynamic_config
+
 - name: Traefik Docker Container
 docker_container:
 name: traefik
@@ -21,9 +27,10 @@
 network_mode: host
 volumes:
 - "{{ traefik_data_directory }}/traefik.toml:/etc/traefik/traefik.toml:ro"
+ - "{{ traefik_data_directory }}/dynamic_config.toml:/etc/traefik/dynamic_config.toml:ro"
 - "{{ traefik_data_directory }}/letsencrypt:/letsencrypt:rw"
 - "/var/run/docker.sock:/var/run/docker.sock:ro"
 env: "{{ traefik_environment_variables }}"
 restart_policy: unless-stopped
 memory: "{{ traefik_memory }}"
- recreate: "{{ template_config is changed }}"
+ recreate: "{{ template_config is changed or template_dynamic_config is changed }}"
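Review bot: The new `Template Traefik dynamic_config.toml` task in the first hunk writes the file without an explicit `mode`, so its permissions follow the remote umask (ansible-lint reports this pattern as `risky-file-permissions`). This file now carries the TLS policy and, as a file-provider source, can also define routers and middlewares, so write access to it amounts to control over what Traefik serves. I would add `mode: "0644"` under `template:`, plus `owner`/`group` if the data directory is not root-owned. The existing `traefik.toml` task just above has the same gap.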
diff --git a/roles/traefik/templates/dynamic_config.toml b/roles/traefik/templates/dynamic_config.toml new file mode 100644 index 0000000000..3df7a7fe30 --- /dev/null +++ b/roles/traefik/templates/dynamic_config.toml @@ -0,0 +1,7 @@ +[tls.options] + + [tls.options.default] + minVersion = "VersionTLS12" + + [tls.options.mintls13] + minVersion = "VersionTLS13" \ No newline at end of file diff --git a/roles/traefik/templates/traefik.toml b/roles/traefik/templates/traefik.toml index 6d356da950..c2a28cc534 100644 --- a/roles/traefik/templates/traefik.toml +++ b/roles/traefik/templates/traefik.toml @@ -24,6 +24,8 @@ providersThrottleDuration = "2s" [providers.docker] exposedbydefault = false + [providers.file] + filename = "/etc/traefik/dynamic_config.toml" [api] insecure = true
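Review bot: `[tls.options.default]` raises the protocol floor but leaves `cipherSuites` unset, so TLS 1.2 clients negotiate from the defaults of the Go runtime inside the Traefik image, which depending on its version may still include CBC-mode or static-RSA suites. If a hardened TLS 1.2 profile is intended, pin an ECDHE/AEAD list as sketched below and check client compatibility first; TLS 1.3 suites are not configurable and are unaffected. Separately, `mintls13` only takes effect for routers that opt in with `traefik.http.routers.<name>.tls.options=mintls13@file`, which deserves a one-line comment above that table. The file also ends without a trailing newline.

```toml
  [tls.options.default]
    minVersion = "VersionTLS12"
    cipherSuites = [
      "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    ]

  # ... unchanged: [tls.options.mintls13] ...
```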
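Review bot: The `[api]` table shown as context right below the new `[providers.file]` entry still has `insecure = true`, which serves the dashboard and API over plain HTTP without authentication on Traefik's internal `traefik` entry point, and the container runs with `network_mode: host`. The TLS floor this commit introduces applies only to TLS routers, so that listener is not covered by it. Consider `insecure = false` and publishing `api@internal` through a TLS router with an auth middleware, or binding that entry point to a loopback address. The `[api]` table continues outside the hunk, so other settings there may already limit this.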